Forum

LDAP authentication

5 August, 2015

One of the ACL product uses Yellowfin component.
A question being asked by customer is if Dashboard (ACL product) can work with a certain kind of AD configuration:

Customer has an active directory forest with several domains (see picture ENI_LDAP). It was configured Dashboard LDAP using BASE DN: DC=pri (or DC=eni,DC=pr)i and all was working nicely (see picture Eni_pri_LDAP for working configuration).
Then the LDAP administrators suggested to change the BASE DN: in DC=vds wich is the base (almost root) of the LDAP. With this setting the test connection is working but when try to logon , the user cannot be checked against LDAP Group. See picture VDS_LDAP for non-working configuration and Dashboard_login_error for the login error using DC=VDS.

It seems like Dashboard username for login check is build using "Base DN" content. Is it possible configure Dashboard LDAP auth for ENI multi-domain configuration?

Let me know if you need more information .

Thanks,
Sainyam

Any update on this one?

Thanks,
Sainyam

Hi Sainyam,

no it is not possible to configure YF for multi-domain LDAP authentication, I'm sorry for the bad news but that�s just how LDAP authentication works in Yellowfin at the moment.

We haven�t enhanced the YF LDAP mechanism so far because up to this point in time we�ve only had a couple of clients in the past who have had a similar setup as the one you described, and they dealt with it by setting up a sort of relay LDAP server that connected to their other LDAP servers across their domains, in other words the workaround was done at the LDAP server level rather than the YF application level.